Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/CNzkiSB6aHtzY0O727sE464QSi8.roa
File:                     CNzkiSB6aHtzY0O727sE464QSi8.roa (raw, json)
Hash identifier:          jl53RICMTSEcHClA6hdGIYAm+qbxdQWju025NBkPLn8=
Subject key identifier:   08:DC:E4:89:20:7A:68:7B:73:63:43:BB:DB:BB:04:E3:AE:10:4A:2F
Certificate issuer:       /CN=515f61a6e08ded6f1ff50511c62089696ab564a8
Certificate serial:       01942521B74669896A7CDBF158FB874197EF
Authority key identifier: 51:5F:61:A6:E0:8D:ED:6F:1F:F5:05:11:C6:20:89:69:6A:B5:64:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UV9hpuCN7W8f9QURxiCJaWq1ZKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/CNzkiSB6aHtzY0O727sE464QSi8.roa
Signing time:             Thu 02 Jan 2025 03:49:14 +0000
ROA not before:           Thu 02 Jan 2025 03:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30849
IP address blocks:        193.23.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/UV9hpuCN7W8f9QURxiCJaWq1ZKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/UV9hpuCN7W8f9QURxiCJaWq1ZKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UV9hpuCN7W8f9QURxiCJaWq1ZKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b7:46:69:89:6a:7c:db:f1:58:fb:87:41:97:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=515f61a6e08ded6f1ff50511c62089696ab564a8
        Validity
            Not Before: Jan  2 03:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08dce489207a687b736343bbdbbb04e3ae104a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ec:12:72:14:19:95:87:a8:62:5e:b1:33:96:
                    e0:5e:11:a2:37:a7:81:85:79:4c:7a:fd:fb:2a:32:
                    32:c8:29:a8:b1:91:19:16:06:46:84:24:dd:ed:37:
                    7f:75:82:77:3e:40:6d:26:6b:19:e5:62:9e:af:42:
                    ba:34:b2:c6:e6:b7:45:e7:f2:b7:7e:2a:57:64:e8:
                    7f:3c:50:e1:3a:0d:ac:5e:16:5c:8d:8b:fc:55:ee:
                    50:3b:97:d8:cb:b9:2e:3e:27:3f:5e:6c:3c:90:ec:
                    0e:a3:a4:9b:1a:e9:9c:2c:75:48:6d:c2:80:01:1c:
                    01:a0:bb:f0:3a:58:57:1e:d3:7d:8b:f5:38:08:2f:
                    17:dd:e4:c3:4a:54:e0:33:34:7e:17:79:db:fb:05:
                    9e:fb:ff:c0:4f:d5:70:10:ef:fd:67:ee:e3:a7:95:
                    4b:20:54:ae:9a:a2:1d:a9:3a:05:af:92:6a:ce:ad:
                    60:ff:cb:3a:32:da:e2:8a:b9:77:c7:46:cf:bf:90:
                    8d:0e:c2:d9:6d:16:58:fb:5b:f9:55:3e:c0:73:59:
                    e3:97:87:66:0e:c6:f7:fc:67:ad:ca:93:03:c7:fa:
                    9d:d5:7b:a3:80:42:c1:49:7d:5b:75:23:3d:50:5c:
                    66:ad:a0:4e:e3:54:9a:26:72:db:d3:0d:02:14:05:
                    54:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:DC:E4:89:20:7A:68:7B:73:63:43:BB:DB:BB:04:E3:AE:10:4A:2F
            X509v3 Authority Key Identifier:
                keyid:51:5F:61:A6:E0:8D:ED:6F:1F:F5:05:11:C6:20:89:69:6A:B5:64:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UV9hpuCN7W8f9QURxiCJaWq1ZKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/CNzkiSB6aHtzY0O727sE464QSi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/UV9hpuCN7W8f9QURxiCJaWq1ZKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:71:f2:34:f6:ae:0f:57:4b:5d:31:e0:cf:a3:f3:53:ab:a7:
         5d:2a:7b:2c:b7:82:80:9d:e4:5d:df:50:7b:5b:9b:12:2e:2b:
         fe:3f:88:ca:4b:f8:78:90:e7:e4:23:69:50:d9:e3:6c:ea:05:
         2f:66:cc:fa:d9:33:6c:8e:1f:94:bb:3e:6d:07:b5:b9:df:59:
         17:36:4e:c2:89:de:e0:eb:46:02:c1:5c:26:cf:87:f3:2a:53:
         9b:5a:de:f1:97:db:f1:5b:ce:8b:e4:9f:fc:8c:0e:2f:9b:ef:
         2f:e1:59:b5:f2:60:ba:18:c7:0f:8e:e2:82:4e:36:f7:8f:82:
         ca:2a:a5:e1:50:94:63:4b:ab:7a:d3:c0:62:82:32:9a:70:c0:
         a4:f4:91:b7:fd:bc:e1:08:8b:d7:0e:2e:f0:b0:5a:91:c4:b6:
         b1:70:c9:3f:df:f5:c9:83:94:a5:15:a4:3d:0f:55:28:23:c7:
         d1:9f:73:5a:d7:12:5a:1a:73:a1:3d:ee:5f:7e:42:aa:8a:97:
         d5:ae:a6:48:58:a2:88:97:eb:da:25:1d:28:b0:7c:d7:24:eb:
         e2:fc:9a:bc:c0:5b:97:df:7b:7b:e1:3b:a5:e1:2b:b4:e5:16:
         53:f8:d0:db:46:67:68:96:97:a3:85:e0:ff:17:23:e8:68:99:
         2a:c0:18:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbdGaYlqfNvxWPuHQZfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNWY2MWE2ZTA4ZGVkNmYxZmY1MDUxMWM2MjA4OTY5NmFi
NTY0YTgwHhcNMjUwMTAyMDM0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGRjZTQ4OTIwN2E2ODdiNzM2MzQzYmJkYmJiMDRlM2FlMTA0YTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyewSchQZlYeoYl6xM5bgXhGiN6eB
hXlMev37KjIyyCmosZEZFgZGhCTd7Td/dYJ3PkBtJmsZ5WKer0K6NLLG5rdF5/K3
fipXZOh/PFDhOg2sXhZcjYv8Ve5QO5fYy7kuPic/Xmw8kOwOo6SbGumcLHVIbcKA
ARwBoLvwOlhXHtN9i/U4CC8X3eTDSlTgMzR+F3nb+wWe+//AT9VwEO/9Z+7jp5VL
IFSumqIdqToFr5Jqzq1g/8s6Mtriirl3x0bPv5CNDsLZbRZY+1v5VT7Ac1njl4dm
Dsb3/GetypMDx/qd1XujgELBSX1bdSM9UFxmraBO41SaJnLb0w0CFAVUHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjc5Ikgemh7c2NDu9u7BOOuEEovMB8GA1UdIwQY
MBaAFFFfYabgje1vH/UFEcYgiWlqtWSoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVY5aHB1Q043VzhmOVFVUnhpQ0phV3ExWktnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zYTkwZjUtNjViNS00MGI1LThlZDkt
OThjMDk1YzA3ZTI0LzEvQ056a2lTQjZhSHR6WTBPNzI3c0U0NjRRU2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zYTkwZjUtNjViNS00MGI1LThlZDktOThjMDk1YzA3ZTI0
LzEvVVY5aHB1Q043VzhmOVFVUnhpQ0phV3ExWktnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRedMA0G
CSqGSIb3DQEBCwUAA4IBAQAmcfI09q4PV0tdMeDPo/NTq6ddKnsst4KAneRd31B7
W5sSLiv+P4jKS/h4kOfkI2lQ2eNs6gUvZsz62TNsjh+Uuz5tB7W531kXNk7Cid7g
60YCwVwmz4fzKlObWt7xl9vxW86L5J/8jA4vm+8v4Vm18mC6GMcPjuKCTjb3j4LK
KqXhUJRjS6t608BigjKacMCk9JG3/bzhCIvXDi7wsFqRxLaxcMk/3/XJg5SlFaQ9
D1UoI8fRn3Na1xJaGnOhPe5ffkKqipfVrqZIWKKIl+vaJR0osHzXJOvi/Jq8wFuX
33t74Tul4Su05RZT+NDbRmdolpejheD/FyPoaJkqwBiV
-----END CERTIFICATE-----